Wednesday, 24 January 2018
  3 Replies
  898 Visits
Recently we ran a Wapiti 3.0.0 scan against our test website and it found several XSS vulnerabilities associated with jevents. The instances found involved the category_fv, limitstart, and catids parameters. We are running jevents 3.4.43 on our test and production websites. I am trying to determine whether these issues are specifically with jevents or with our particular use of jevents.
Wednesday, 24 January 2018 15:19
#196857
I think this could be an issue with your template's pagination code?? Certainly the issue is triggered from the pagination - if you add &limit=2000 to the end of the URL the alert doesn't appear

Can you test using a different template to confirm the issue is from your template?

If you'd like me to investigate further please send me login details for the test site

JEvents Club members can get priority forum support at the Support Forum. As well as access to a variety of custom JEvents addons and benefits. Join the JEvents club today!

Thursday, 25 January 2018 13:35
#196881
Thank you for the pointer to look specifically at the pagination. Our web developer is working through our custom com_jevents template to find and sanitize the pagination.
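For readers working through the same kind of template fix, here is an added example (not JEvents code and not the poster's template) of the pattern behind a reflected XSS in pagination links: request values for limitstart, category_fv and catids copied straight into an href, next to a version that casts the numeric parameters and escapes the attribute. It is plain PHP over an array standing in for the request, so it runs from the command line; in a Joomla template the same casts are available through the framework's input filtering (getInt and friends).

```php
<?php
// Added example, not from JEvents or the forum thread. Parameter names
// limitstart, category_fv and catids come from the thread; the link
// layout and the sample request are constructed for illustration.

// Vulnerable pattern: each value is interpolated into the href exactly
// as received, so anything in the query string lands in the page markup.
function build_next_link_unsafe(array $get): string
{
    $limitstart = $get['limitstart'] ?? '0';
    $category   = $get['category_fv'] ?? '';
    $catids     = $get['catids'] ?? '';
    return '<a href="index.php?option=com_jevents&category_fv=' . $category
         . '&catids=' . $catids . '&limitstart=' . $limitstart . '">Next</a>';
}

// Hardened pattern: numeric parameters are cast to integers (a comma list
// is reduced to its integer members), the query is built with
// http_build_query so values are percent-encoded, and the finished
// attribute value is escaped for the HTML context.
function build_next_link_safe(array $get, int $limit = 10): string
{
    $limitstart = max(0, (int) ($get['limitstart'] ?? 0));
    $category   = (int) ($get['category_fv'] ?? 0);
    $parts      = explode(',', (string) ($get['catids'] ?? ''));
    $catids     = implode(',', array_map('intval', array_filter($parts, 'ctype_digit')));
    $query = http_build_query([
        'option'      => 'com_jevents',
        'category_fv' => $category,
        'catids'      => $catids,
        'limitstart'  => $limitstart + $limit,
    ]);
    return '<a href="index.php?' . htmlspecialchars($query, ENT_QUOTES, 'UTF-8') . '">Next</a>';
}

// Constructed request: limitstart carries a harmless tag instead of a
// number, the kind of thing a scanner such as Wapiti injects to see
// whether the value is reflected as markup.
$request = [
    'limitstart'  => '0"><em>marker</em>',
    'category_fv' => '5',
    'catids'      => '12,13',
];

echo build_next_link_unsafe($request), PHP_EOL; // the <em> tag is emitted as live markup
echo build_next_link_safe($request), PHP_EOL;   // limitstart=10, no markup survives
```

Running it prints the unsafe link with the marker tag intact and the safe link as `index.php?option=com_jevents&amp;category_fv=5&amp;catids=12%2C13&amp;limitstart=10`, which is the shape a scanner will no longer flag.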
Thursday, 25 January 2018 13:39
#196883
Thanks for letting us know.
